I've only been prompted for credentials when joining a domain, not when leaving one. And those are always for the new domain, not the old.
-------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Rich Milburn [mailto:[EMAIL PROTECTED] > Sent: Monday, December 29, 2003 10:38 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Upgrading computers and computer objects > > > You know... it's one of those things I rarely bother to do > because I do #2 > below, and the couple of times I have done it, I've never > checked to see if > the account was gone. Seems like you _should_ need domain > privs to remove a > computer from the domain, and it _should_ delete the computer > account... now > that you mention it I have "removed" computers from the > domain without being > able to contact the DC. What's the point of asking for an > account that can > remove it from the domain, if you have to be an admin to get > that far in the > first place? (though I've never tried switching to workgroup > as a non-admin > account so maybe it will let you try to remove the computer > from the domain > as a regular user and just ask for an admin account?) > > -----Original Message----- > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > Sent: Monday, December 29, 2003 8:58 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Upgrading computers and computer objects > > Actually, removing a computer from the domain on the client side (i.e. > changing its domain membership to a workgroup) does NOT > remove the machine > account from AD (nor did it remove the account in NT4 > domains). No domain > rights are required to remove a machine from the domain - you > can prove this > by using the local admin account of a machine to remove it > from the domain. > Local admin has no domain rights, yet you can remove the > machine from the > domain. > > The only action I know of which will remove the computer account > automatically is running DCPromo to remove a DC. > > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Rich Milburn [mailto:[EMAIL PROTECTED] > > Sent: Monday, December 29, 2003 9:32 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Upgrading computers and computer objects > > > > > > Irwan forgive me if I read you wrong... > > > > I think what he's asking is about leaving the computer > > accounts in AD or > > deleting them. When you remove the computer from the domain > > (like join it > > to a workgroup) it removes the computer account from the > > domain. Or you can > > turn the computer off and delete the account forcefully with > > ADUC or dsrm or > > whatever. Or you can reset the account - something I've > rarely used, > > because I didn't know what the difference was from deleting > > the account and > > adding the new computer with the same name. > > > > Rich > > > > -----Original Message----- > > From: Rick Kingslan [mailto:[EMAIL PROTECTED] > > Sent: Sunday, December 28, 2003 1:32 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] Upgrading computers and computer objects > > > > Irwan, > > > > I would concur that option two is the most successful > method, from my > > experience. For all intents and purposes, the Computer object is a > > derivative of the User object and has a SID associated with > > it. Simply > > naming a computer the same as an existing object will not > > yield the desired > > result, and will often cause unpredicatble results. > > > > I might not be reading the options correctly, but I see > > option one and three > > as the same. > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > Associate Expert > > Expert Zone - www.microsoft.com/windowsxp/expertzone > > WebLog - www.msmvps.com/willhack4food > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Irwan Hadi > > Sent: Sunday, December 28, 2003 7:29 AM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Upgrading computers and computer objects > > > > I'm curious what is the best practice or recommended way for > > the following > > case: > > I have several computers that are joined to the domain, and > > I'm going to > > upgrade some of thse computers with a different computer > > (newer), though the > > UNC name of these computers will remain the same. > > Should I: > > 1. Remove the old computers from the domain, install the new > > computers, and > > join them to the domain? > > 2. Since there are several computers, can I just delete the > > corresponding > > computer objects in the ADUC, install the new computers, and > > join them to > > the domain? > > 3. Just put the new computers in place, and join them with > > the same name? > > > > So far, I'm doing the second way, because I think it is the > > cleanest way. > > > > Thanks > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > -------APPLEBEE'S INTERNATIONAL, INC. > > CONFIDENTIALITY NOTICE------- > > PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in > > this message or > > any attachments. This information is strictly confidential > and may be > > subject to attorney-client privilege. This message is > > intended only for the > > use of the named addressee. If you are not the intended > > recipient of this > > message, unauthorized forwarding, printing, copying, > > distribution, or using > > such information is strictly prohibited and may be unlawful. > > If you have > > received this in error, you should kindly notify the sender > > by reply e-mail > > and immediately destroy this message. Unauthorized > > interception of this > > e-mail is a violation of federal criminal law. Applebee's > > International, > > Inc. reserves the right to monitor and review the content of > > all messages > > sent to and from this e-mail address. Messages sent to or > > from this e-mail > > address may be stored on the Applebee's International, Inc. > > e-mail system. > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > -------APPLEBEE'S INTERNATIONAL, INC. > CONFIDENTIALITY NOTICE------- > PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in > this message or > any attachments. This information is strictly confidential and may be > subject to attorney-client privilege. This message is > intended only for the > use of the named addressee. If you are not the intended > recipient of this > message, unauthorized forwarding, printing, copying, > distribution, or using > such information is strictly prohibited and may be unlawful. > If you have > received this in error, you should kindly notify the sender > by reply e-mail > and immediately destroy this message. Unauthorized > interception of this > e-mail is a violation of federal criminal law. Applebee's > International, > Inc. reserves the right to monitor and review the content of > all messages > sent to and from this e-mail address. Messages sent to or > from this e-mail > address may be stored on the Applebee's International, Inc. > e-mail system. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
